Added on 06 Jul 2009(597 Views)
Security expert Charlie Miller, which you might remember from the PWN2OWN competition where he managed to hack into Apple’s Safari in about 10 seconds, has uncovered a rather nasty security vulnerability affecting the iPhone. The vulnerability that Charlie Miller uncovered refers to the manner in which the iPhone handles text messages (SMS), which in turn could grant a person with malicious intent to gain root access to the device.Unfortunately for those of you that want more details on the matter, Charlie Miller could not provide in-depth details on the vulnerability he uncovered, for obvious security reasons. If the details were to be released before Apple has time to work on a fix then anyone could potentially exploit this SMS vulnerability.
What we do know is this: the iPhone handles SMS messages in a dangerous manner that could allow a person with malicious intent to remotely install and run unsigned software code with root access on the device. The attacker could for example send software code on the iPhone via SMS and thanks to this malicious code the attacker could turn on the device’s microphone and listen in to your conversation, could turn on the device’s GPS and know precisely where you are, or could add the iPhone to a botnet or distributed denial of service attack.
It sounds gloom, I know, but there is one upside. Charlie Miller does not have an exploit for this vulnerability so far, just a very suspicious crash (he can crash part of the device and temporarily disconnect it from the network). On top of that Apple is reportedly already aware of this issue and is currently working with Miller on a patch. The fix is supposed to be rolled out later this month, before Charlie Miller is due to make a detailed presentation on how to “inject SMS messages into iPhone, Android, and Windows Mobile devices” at the Black Hat 2009 event (25th through 30th of July, Caesar’s Palace, Las Vegas).
In related news, we already know that Apple is working on the iPhone OS 3.1 update. Let’s just hope that alongside the fixes and improvements it has to offer, a fix for this SMS vulnerability is also included.
Don't forget to:
RSSTags: Apple, iPhone, SMS, Vulnerability, Charlie Miller
Link to this article:
Add comment:
Software News
Fun Friday Feature: Cry Translator iPhone App
I remember that some obscure school teacher once told me that speech separates man from beast. Now I always found that reasoning to be somewhat flawed. What about parrots? They can speak – sort of. Or...
I remember that some obscure school teacher once told me that speech separates man from beast. Now I always found that reasoning to be somewhat flawed. What about parrots? They can speak – sort of. Or...
06 Nov 2009
Chrome 3.0 and 4.0 Updated on the Stable and Dev Channel
The guys over at Google are keeping as busy, of not more so, as the guys over at Mozilla. While the Mozilla Foundation has recently released Firefox 3.6 Beta 1 and Firefox 3.5.5, Mountain View-based search engine giant Google ...
The guys over at Google are keeping as busy, of not more so, as the guys over at Mozilla. While the Mozilla Foundation has recently released Firefox 3.6 Beta 1 and Firefox 3.5.5, Mountain View-based search engine giant Google ...
06 Nov 2009
November 09 Patch Tuesday: 6 Security Bulletins, 15 Vulnerabilities
Next week’s first two days are already booked. On Monday, the 9th of November, we will be celebrating Firefox’s 5th anniversary. On Tuesday, we will focus on something less entertaining, mainly patching our...
Next week’s first two days are already booked. On Monday, the 9th of November, we will be celebrating Firefox’s 5th anniversary. On Tuesday, we will focus on something less entertaining, mainly patching our...
06 Nov 2009
Firefox 3.5.5 Update Released
The Mozilla Foundation has released another update for its browser, mainly Firefox 3.5.5. The update follows in the footsteps of Firefox 3.5.4, an update that was released about a week back...
The Mozilla Foundation has released another update for its browser, mainly Firefox 3.5.5. The update follows in the footsteps of Firefox 3.5.4, an update that was released about a week back...
06 Nov 2009
iTunes 9.0.2 Update Loves Apple TV 3.0 Software, Breaks Palm Pre Syncing (Again)
Cupertino-based software developer Apple has recently updated its digital media player iTunes to version 9.0.2. The update, which follows in the footsteps of iTunes 9.0.1 and iTunes 9.0, brings forth one significant new change...
Cupertino-based software developer Apple has recently updated its digital media player iTunes to version 9.0.2. The update, which follows in the footsteps of iTunes 9.0.1 and iTunes 9.0, brings forth one significant new change...
05 Nov 2009
Blacksn0w: Unlock Tool for the iPhone 3G and 3GS
Great news for iPhone 3G and iPhone 3GS users that updated the device to baseband version 05.11; or iPhone 3G and iPhone 3GS users that bought the device with an updated baseband. Original iPhone hacker...
Great news for iPhone 3G and iPhone 3GS users that updated the device to baseband version 05.11; or iPhone 3G and iPhone 3GS users that bought the device with an updated baseband. Original iPhone hacker...
05 Nov 2009
Recommended Tools
Registry Booster 2009
Clean, Repair and Optimize your PC with the #1 industry leading and award-winning utility
Clean, Repair and Optimize your PC with the #1 industry leading and award-winning utility
Driver Scanner 2009
Fast and easy, it boosts performance by scanning for, downloading & installing driver updates
Fast and easy, it boosts performance by scanning for, downloading & installing driver updates
SpeedUpMyPC 2009
How fast is your PC really running? Turbo-charge your Internet and PC performance here
How fast is your PC really running? Turbo-charge your Internet and PC performance here
Nero Burning ROM
LimeWire Basic
Yahoo! Messenger
Winamp
Mozilla Firefox
eMule
BitComet
iTunes
Google Earth
uTorrent